Firefox cookies

brikis98

Diamond Member
Jul 5, 2005
7,253
8
0
We have a servlet that reads and writes a cookie named "props" (which contains state info). We noticed today that on one lab computer running Firefox, state wasn't being tracked correctly. Looking at the cookies on this computer we noticed the following:

* A "props" cookie for host 10.30.30.96
* A "props" cookie for domain .10.30.30.96

(10.30.30.96 is the IP of our server)

So, for some reason, there are two copies of the cookie. Judging by the behavior, it seems that when a page is submitted, the server gets the domain cookie, but when the server writes a cookie back into the response, it's writing into the host cookie.

Clearly, this is a big problem, but we've never seen it on any other computer/browser. Any idea why this would happen and how to detect/fix/prevent it?
 

brikis98

Originally posted by: ZeroIQ
If it only happens on that computer, delete the cookies and try again.

We just did that, and haven't seen the cookie duplication issue since. However, we're worried it'll happen again, so I wish I could understand what caused the problem so we can prevent it in the future...
 

brikis98

Originally posted by: MrChad
Can you post the code that is writing the cookies?

Here it is...

Cookie c = new Cookie("PROPS", "MOVIE_PLAYING"); // a cookie named props with the value movie_playing
c.setMaxAge(31556926); // 1 year
response.addCookie(c); // response is the HttpServletResponse object
 

ahurtt

Diamond Member
Feb 1, 2001
4,283
0
0
Originally posted by: brikis98
Originally posted by: ZeroIQ
If it only happens on that computer, delete the cookies and try again.

We just did that, and haven't seen the cookie duplication issue since. However, we're worried it'll happen again, so I wish I could understand what caused the problem so we can prevent it in the future...

Perhaps a bug in the code that was there as the code was being developed was responsible for setting the "wrong" cookie but was subsequently fixed. But nobody ever deleted the cookie from the browser so the browser kept sending the "wrong" cookie back even after the code was fixed? Seems like the most likely explanation to me. Especially if you have since deleted the "wrong" cookie and now it is not coming back again. If I had to guess by looking at your code snippet, since you are not explicitly setting a domain for the cookie by calling c.setDomain() it is defaulting to the full host name. By default, cookies are only returned to the server that sent them. Was there a time when, in the cookie code, you were in fact calling the c.setDomain() method? And was it then removed? And did somebody then fail to remove the cookie from the browser? In other words, somebody used "old" code to generate "old" cookie in browser, but then changed to "new" code without deleting "old" cookie?
 

brikis98

Originally posted by: ahurtt
Originally posted by: brikis98
Originally posted by: ZeroIQ
If it only happens on that computer, delete the cookies and try again.

We just did that, and haven't seen the cookie duplication issue since. However, we're worried it'll happen again, so I wish I could understand what caused the problem so we can prevent it in the future...

Perhaps a bug in the code that was there as the code was being developed was responsible for setting the "wrong" cookie but was subsequently fixed. But nobody ever deleted the cookie from the browser so the browser kept sending the "wrong" cookie back even after the code was fixed? Seems like the most likely explanation to me. Especially if you have since deleted the "wrong" cookie and now it is not coming back again. If I had to guess by looking at your code snippet, since you are not explicitly setting a domain for the cookie by calling c.setDomain() it is defaulting to the full host name. By default, cookies are only returned to the server that sent them. Was there a time when, in the cookie code, you were in fact calling the c.setDomain() method? And was it then removed? And did somebody then fail to remove the cookie from the browser? In other words, somebody used "old" code to generate "old" cookie in browser, but then changed to "new" code without deleting "old" cookie?

Unfortunately, I don't think this is the case... The bug is happening on a QA computer and the only thing ever installed on the server was one "drop" of our code. They have never had any previous versions from before or any revisions since, so it's the same code running the entire time. Only makes this issue the more puzzling :-
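
On the detect/fix question raised in this thread, one server-side check, as an added example that is not code from any poster: the Cookie request header carries only name=value pairs (no Domain or Path), so a host cookie and a domain cookie with the same name arrive as two pairs, and the duplicate can be detected and both variants expired. The class and method names, the sample header, and the Path=/ value are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class DuplicateCookieCheck {

    // Group the values of a raw Cookie request header by cookie name.
    // Two stored cookies with the same name show up as two pairs here.
    static Map<String, List<String>> parse(String cookieHeader) {
        Map<String, List<String>> byName = new LinkedHashMap<>();
        if (cookieHeader == null) return byName;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue; // skip malformed pairs
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            byName.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return byName;
    }

    // Build Set-Cookie values that expire both variants of a cookie.
    // The Path must match the path the cookies were stored under (assumed "/").
    static List<String> expireBothVariants(String name, String host, String path) {
        List<String> headers = new ArrayList<>();
        // Host variant: no Domain attribute.
        headers.add(name + "=; Max-Age=0; Path=" + path);
        // Domain variant: explicit Domain attribute.
        headers.add(name + "=; Max-Age=0; Path=" + path + "; Domain=" + host);
        return headers;
    }

    public static void main(String[] args) {
        // Constructed sample header: the browser sends both copies of PROPS.
        String header = "PROPS=MOVIE_PLAYING; JSESSIONID=abc123; PROPS=MOVIE_STOPPED";
        List<String> props = parse(header).get("PROPS");
        if (props != null && props.size() > 1) {
            System.out.println("Duplicate PROPS cookies: " + props);
            for (String h : expireBothVariants("PROPS", "10.30.30.96", "/")) {
                System.out.println("Set-Cookie: " + h);
            }
        }
    }
}
```

In a servlet, the input would come from request.getHeader("Cookie") and each returned string would be sent with response.addHeader("Set-Cookie", ...), followed by a fresh cookie written the usual way.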